exploit the possibilities
Showing 1 - 11 of 11 RSS Feed

CVE-2014-4667

Status Candidate

Overview

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

Related Files

Red Hat Security Advisory 2014-1167-01
Posted Sep 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1167-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2014-0205, CVE-2014-3535, CVE-2014-3917, CVE-2014-4667
SHA-256 | f4cef6046c510265613db29bd8c542c592cf332bb9e20ce25867d4caa0282acd
Ubuntu Security Notice USN-2337-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2337-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045
SHA-256 | 5ea5d0d4314836f6fa6b24d0a0cb4c1a706d5ad137e84b32d12c47f0bb15b899
Ubuntu Security Notice USN-2336-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2336-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045
SHA-256 | dc7e46f4955a3c32910dc04c40a47f9d4510df5db2814339aa3608859251c2df
Ubuntu Security Notice USN-2335-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2335-1 - An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4027, CVE-2014-4171, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | 1f6469115ae1e9bf66756c1ba511a70b860e32a6a371a0d0f97c5240fda89fc0
Ubuntu Security Notice USN-2334-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2334-1 - An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | 320de95f33b6f9a2559cca5cb221b03f3c70a08b3d9447fe4ab94e546233d565
Ubuntu Security Notice USN-2333-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2333-1 - A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. Toralf reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0203, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | 937ac3be9b799434ac81bf071aed2f115c6f145b2044ee77c51f45a088575c99
Ubuntu Security Notice USN-2332-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2332-1 - A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. Toralf reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0203, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5077
SHA-256 | d9919ad7ce17798e27ac5fdcd220af2dd382306a3e0b6db94d1b04fc95bac660
Mandriva Linux Security Advisory 2014-155
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-155 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4514, CVE-2014-0131, CVE-2014-4027, CVE-2014-4608, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-4699, CVE-2014-4943
SHA-256 | 6933b6a5b4497c29f0f7974ac259e33c762ddd57109d3af0dfff4e246b46004c
Red Hat Security Advisory 2014-1023-01
Posted Aug 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1023-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read and write access to kernel memory. It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-0181, CVE-2014-2672, CVE-2014-2673, CVE-2014-2706, CVE-2014-3534, CVE-2014-4667
SHA-256 | f9da9b1899cc57348f709c1973cd2b23ba66942f2757b90ce1d32a5e61df9fa6
Debian Security Advisory 2992-1
Posted Jul 30, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2992-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-3534, CVE-2014-4667, CVE-2014-4943
SHA-256 | b301d9f7ff1c8b9091708894011578d9ffcace82fa2e17ac8e78f3fb69432557
Red Hat Security Advisory 2014-0913-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0913-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-0181, CVE-2014-0206, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153, CVE-2014-3917, CVE-2014-3940, CVE-2014-4027, CVE-2014-4667, CVE-2014-4699
SHA-256 | c05d77b8bb0fb6653e702993e25b62f141d1901c64377ea8e2757ba943646f2b
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close